Gentoo update for Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2021-22235 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929 CVE-2021-4181 CVE-2021-4182 CVE-2021-4183 CVE-2021-4184 CVE-2021-4185 CVE-2021-4186 CVE-2021-4190 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586 |
| CWE-ID | CWE-20 CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system net-analyzer/wireshark Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU54877
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22235
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the DNP dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU58215
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39920
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the IPPUSB dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU58214
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39921
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Modbus dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU58212
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the C12.22 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Infinite loop
EUVDB-ID: #VU58217
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39924
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application, consume all available system resources and perform a denial of service (DoS) attack.
Update the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU58211
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39925
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth SDP dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU58210
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39926
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth HCI_ISO dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU58213
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39928
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the IEEE 802.11 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU58216
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39929
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU59119
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4181
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Sysdig Event dissector. A remote attacker can send specially crafted traffic over the network and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Infinite loop
EUVDB-ID: #VU59120
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4182
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RFC 7468 file parser. A remote attacker can trick the victim to open a specially crafted packet trace file and consume excessive CPU resources.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU59121
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4183
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in pcapng file parser. A remote attacker can trick the victim to open a malformed packet trace file and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Infinite loop
EUVDB-ID: #VU59122
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4184
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in BitTorrent DHT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Infinite loop
EUVDB-ID: #VU59123
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4185
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU59124
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4186
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Gryphon dissector. A remote attacker can pass specially crafted traffic through the network and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Infinite loop
EUVDB-ID: #VU59118
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4190
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in Kafka protocol dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU60521
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0581
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CMS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU60522
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0582
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CSN.1 dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU60523
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0583
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in PVFS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Infinite loop
EUVDB-ID: #VU60524
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0585
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to large loops in multiple dissectors including AMP, ATN-ULCS and possibly other ASN.1 PER dissectors, BP, GDSDB, OpenFlow v5, P_MUL, SoulSeek, TDS, WBXML, WSP and possibly other WAP dissectors, and ZigBee ZCL. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Infinite loop
EUVDB-ID: #VU60525
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0586
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected packages.
net-analyzer/wireshark to version: 3.6.8
Gentoo Linux: All versions
net-analyzer/wireshark: before 3.6.8
External linkshttp://security.gentoo.org/glsa/202210-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
